1 Administrative

MURI grant number: DAAD-19-01-1-0473.

Project title: Advanced Tool Integration for Embedded System Assurance.

Duration of the MURI grant: 6/1/01-4/30/06.

Program Manager: Dr. David Hislop, Army Research Office

Principal Investigator: Prof. Insup Lee, University of Pennsylvania

Institution:
University of Pennsylvania
3451 Walnut Street, Room P221
Philadelphia, PA 19104

MURI Team:

University of Pennsylvania: Prof. Insup Lee, Prof. Rajeev Alur, Prof. Sampath Kannan, Dr. Oleg Sokolsky

University of Illinois, Urbana-Champaign: Prof. Carl Gunter, Dr. Elsa Gunter

University of Michigan: Prof. Kang Shin

Most recent program review: 5th Annual Review and Workshop of the High-Confidence Embedded Systems program, May 10-11, 2005. Government participants included Dr. David Hislop, Army Research Office, Mr. Bruce Lewis, Army Missile Command, and Mr. Paul Jones, U.S. Food and Drug Administration.
2 Program Objective

The goal of the project is to develop a principled, model-based, and tool-supported approach to the design and implementation of digital software that interacts with a physical environment, with high assurance of reliability. The technical approach uses the mathematical foundations of hybrid systems theory, which combines tools from control theory (optimal control, dynamical systems) and software engineering (concurrency, compositionality, model checking).


3 Accomplishments

We have developed a framework for the integration of a suite of methods and tools for the specification, analysis, development, testing, prototyping, simulation and monitoring of embedded software. The framework is called HASTEN (High Assurance Systems Tools and Environments) and is based on systems that support formal specification and verification, test generation from specifications, prototyping and simulation, and run-time monitoring and checking.

A software engineering process is centered around the development of two entities, requirements artifacts and system artifacts, and the validation of system artifacts with respect to requirements artifacts. Requirements artifacts, initially constructed informally through requirements elicitation, are gradually refined into more rigorous representations. System artifacts can range from design documents and specifications, to prototypes and simulations, to executable code. Each of them is developed to satisfy some of the requirements. Techniques such as prototyping, simulation, verification, testing, and monitoring can be used to evaluate whether a system artifact meets its requirements during development and deployment of the system. Evaluation results are used as feedback to modify the system artifacts, and sometimes the requirements. Any change to the system or requirements artifacts, in turn, necessitates a new round of analysis.

Individual techniques that we have developed to support the HASTEN framework include:

End-to-end analysis of embedded systems. AIRES (Automatic Integration of Reusable Embedded Software) is a software toolkit for high-level design and end-to-end analysis of embedded/real-time systems. Application software is modeled as graphs that represent tasks and their interconnections. AIRES then explores allocations of application software to the hardware platform, to help designers make design decisions such as task formation and priority assignment, and perform a schedulability analysis.

Hierarchical modeling and analysis of hybrid systems. We model embedded systems applications using the modeling language CHARON, which combines discrete mode switching, represented as hierarchical state machines, with continuous behaviors expressed by differential equations.

Code generation from hybrid systems models. We define a series of formal transformations of the original model that gradually evolve into C++ code, preserving the original model semantics.

Model-driven test generation. Test generation based on extended finite state machine (EFSM) models is performed using coverage criteria based on control flow and data flow in the system. In addition, an extension to the CHARON toolset implements a randomized test generation approach, which quickly accumulates substantial coverage of the model in the cases that cannot be analytically processed.

Run-time verification. Monitoring and run-time checking of compliance with requirements relies on automatic generation of checkers from requirements artifacts. Checkers operate on a sequence of events monitored from a running system. Automatically generated instrumentation probes ensure that all information relevant to checking a given property is collected.

Interface synthesis for software objects. We have developed JIST (Java Interface Synthesis Tool), which is a set of automated tools and techniques to synthesize interfaces to Java modules. Given a Java class file F that offers a set of method calls M, an interface to F is a small set of rules that capture the correct sequences of calls of methods in M. The JIST tool extracts a small interface for a Java class automatically using boolean abstraction of Java byte code, followed by solving games over the boolean model using state-space exploration heuristics (BDDs, SAT solvers, etc.).
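As an added illustration of two items above, the checker that operates on a sequence of monitored events (run-time verification) and the interface as a small set of rules over correct call sequences (JIST), the following is example code written here, not code from HASTEN, JIST or the project: an interface is encoded as a small automaton over method names and a checker replays a monitored call trace against it. The Session class, its rules and the trace are constructed assumptions.

```python
"""Added example, not code from HASTEN, JIST or the project: an interface is a
small automaton over method names; a run-time checker replays monitored call
events against it. The class, its rules and the trace are constructed."""
from __future__ import annotations
from dataclasses import dataclass, field

@dataclass
class Interface:
    """Rules capturing correct call sequences: (state, method) -> next state."""
    initial: str
    transitions: dict[tuple[str, str], str]

@dataclass
class Checker:
    """Run-time checker: consumes monitored events one at a time."""
    spec: Interface
    state: str = field(init=False)
    violations: list[tuple[int, str, str]] = field(default_factory=list)

    def __post_init__(self) -> None:
        self.state = self.spec.initial

    def step(self, index: int, method: str) -> bool:
        """Advance on one event; record a violation if the rules forbid it."""
        nxt = self.spec.transitions.get((self.state, method))
        if nxt is None:
            self.violations.append((index, self.state, method))
            return False  # state unchanged; keep monitoring
        self.state = nxt
        return True

# Constructed interface for a hypothetical Java class Session: send only
# after open, no double open, close returns to the initial state.
SESSION = Interface("closed", {
    ("closed", "open"): "open",
    ("open", "send"): "open",
    ("open", "close"): "closed",
})

def check_trace(spec: Interface, events: list[str]) -> list[tuple[int, str, str]]:
    """Replay a trace of monitored method-call events; return all violations."""
    chk = Checker(spec)
    for i, ev in enumerate(events):
        chk.step(i, ev)
    return chk.violations

# Constructed trace, as instrumentation probes on a running system would report it.
TRACE = ["open", "send", "send", "close", "send", "open", "open"]
```

Calling check_trace(SESSION, TRACE) flags event 4 (send while closed) and event 6 (a second open), while the conforming prefix passes.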

Research supported by the project resulted in 22 publications in peer-reviewed journals, 89 publications in refereed conference proceedings, and one book chapter. One patent application has been filed. The project supported 16 Ph.D. students, 6 M.Sc. students, and one post-doctoral fellow.


4 Suggestions for the Future

Overall, the project led to a number of successful developments that have reached, or are close to reaching, the technology transfer stage. At the same time, a number of hard open problems in the high-confidence embedded systems area remain. While academic research will be able to make further progress towards solving these problems, its full potential will be realized only through team projects that combine academic researchers with domain experts from industry.